https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

Chris Adams cmadams at
Thu Jul 24 13:02:51 UTC 2008

Once upon a time, Robert Kisteleki <robert at> said:
> I understand this is a huge can of worms, but maybe it's time to change the 
> default behavior of browsers from http to https...?

This is a _DNS_ vulnerability.  The Internet is more than HTTP(S).

Think about email (how many MTAs do TLS and validate the certs?).  Even
things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning
the cache for thepiratebay?).

Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the NANOG mailing list